btcec/schnorr/musig2: add pubkey check to Sign

This commit adds a check that the public key of the private key
that is passed to the Sign function is included in the slice of public
keys.

Reference jonasnick/bips@ea47d52

btcec/schnorr/musig2/data/sign_verify_vectors.json

@@ -83,6 +83,17 @@
         }
     ],
     "sign_error_test_cases": [
+        {
+            "key_indices": [1, 2],
+            "aggnonce_index": 0,
+            "msg_index": 0,
+            "secnonce_index": 0,
+            "error": {
+                "type": "value",
+                "message": "The signer's pubkey must be included in the list of pubkeys."
+            },
+            "comment": "The signers pubkey is not in the list of pubkeys"
+        },
         {
             "key_indices": [1, 0, 3],
             "aggnonce_index": 0,

btcec/schnorr/musig2/sign.go

@@ -42,6 +42,11 @@ var (
 	// ErrSecNoncePubkey is returned when the signing key does not match the
 	// sec nonce pubkey
 	ErrSecNoncePubkey = fmt.Errorf("public key does not match secnonce")
+
+	// ErrPubkeyNotIncluded is returned when the signers pubkey is not included
+	// in the list of pubkeys.
+	ErrPubkeyNotIncluded = fmt.Errorf("signer's pubkey must be included" +
+		" in the list of pubkeys")
 )
 
 // infinityPoint is the jacobian representation of the point at infinity.
@@ -263,6 +268,18 @@ func Sign(secNonce [SecNonceSize]byte, privKey *btcec.PrivateKey,
 		return nil, ErrSecNoncePubkey
 	}
 
+	// Check that the key set contains the public key to our private key.
+	var containsPrivKey bool
+	for _, pk := range pubKeys {
+		if privKey.PubKey().IsEqual(pk) {
+			containsPrivKey = true
+		}
+	}
+
+	if !containsPrivKey {
+		return nil, ErrPubkeyNotIncluded
+	}
+
 	// Compute the hash of all the keys here as we'll need it do aggregate
 	// the keys and also at the final step of signing.
 	keysHash := keyHashFingerprint(pubKeys, opts.sortKeys)